Cyber Risk GmbH (Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341) invites you to the preparation class for the CRCMP certification program. It has been designed to provide you with the knowledge and skills needed to understand and support regulatory compliance and enterprise-wide risk management. The course provides you with the skills needed to pass the Certified Risk and Compliance Management Professional (CRCMP) exam.

Language: English.

The CRCMP program has become one of the most recognized programs in risk management and compliance. There are CRCMPs in 32 countries around the world.

The CRCMP is a preferred certificate for companies and organizations around the world. For example:

What is included in the price:

A. One-day (09:00-17:00) instructor-led training. The admission ticket includes coffee, refreshments, snacks, and lunch. Instructor: George Lekatis, general manager of Cyber Risk GmbH and president of the International Association of Risk and Compliance Professionals (IARCP).

C. Up to 3 Online Exams. You must pass only one exam to become a CRCMP. If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price.

Answer: No. There is no other cost, now or in the future, for this program.

2. Is it an open book exam? Why?

Answer: Yes, it is an open book exam. Risk and compliance management is not something you have to memorize; it is something you must understand and learn.

3. Do I have to sit for the exam soon after the class?

Answer: No. You can sit for the exam from your office or home anytime in the future. We will create an online account that never expires.

4. Do I have to spend more money in the future to remain certified?

Answer: No. Your certificate never expires.

5. How many hours do I need to study to pass the exam?

Answer: It depends on your knowledge and experience. You must study the presentations carefully. You must go through the slides two or more times to ensure you have learned the details. It takes about 32 hours (average).

6. Are there any prerequisites for this program?

Answer: There are no prerequisites.

Frequently Asked Questions about the instructor-led training

1. What's the refund policy?

Answer: 100% refund is possible for a ticket if canceled 7 days before the event.

2. Do I have to bring my printed ticket to the event?

Answer: No.

3. Can I update my registration information?

Answer: Yes.

4. Is my registration fee or ticket transferrable?

Answer: Yes.

5. Is it ok if the name on my ticket or registration doesn't match the person who attends?

Answer: Yes.

Important information

The International Association of Risk and Compliance Professionals (IARCP - 1200 G Street NW, Suite 800, Washington DC 20005, USA, www.risk-compliance-association.com) is a business unit of Compliance LLC, incorporated in Wilmington NC with offices in Washington DC, a provider of risk and compliance training and executive coaching in 36 countries. Several business units of Compliance LLC are very successful associations that offer standard, premium and lifetime membership, weekly or monthly updates, training, certification, Authorized Certified Trainer (ACT) programs and other services to their members.

Event planning is dynamic and hectic. No one likes dealing with a last-minute venue change. In the unlikely event we have to change the venue, we will transfer the event to a 5-star hotel as near as possible to the original venue. We will refund the payment to the persons that do not want a different venue for any reason (no questions asked).

We will neither take any photos of the audience, nor publish any names or photos on social media.

Target Audience

The CRCMP certification program is beneficial to:

- Risk managers, officers, auditors, and consultants

- Compliance managers, officers, auditors, and consultants

- Senior managers involved in risk and compliance management

- Risk and compliance management vendors, suppliers, and service providers

Course Synopsis

Part A: Compliance with laws and regulations, and risk management

Introduction

Regulatory Compliance and Risk Management

Definitions, roles, and responsibilities

The role of the board of directors, the supervisors, the internal and external auditors

The new international landscape and the interaction among laws, regulations, and standards

The difference between a best practice and a regulatory obligation

Benefits of an enterprise-wide compliance program

Compliance culture: Why it is important, and how to communicate the obligations

Policies, workplace ethics, risk and compliance policies, procedures and the code of conduct

Privacy and information security

Handling confidential information

Conflicts of interest

Use of organizational property

Fair dealings with customers, vendors, and competitors

Reporting ethical concerns

The definition of Governance, Risk, and Compliance

The need for Internal Controls

Understand how to identify, mitigate and control risks effectively

Approaches to risk assessment

Qualitative, quantitative approach

Integrating risk management into corporate governance and compliance

Part B: The frameworks

Internal Controls, COSO, the Internal Control Integrated Framework by the COSO committee

Using the COSO framework effectively

The Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

Effectiveness and Efficiency of Operations

Reliability of Financial Reporting

Compliance with applicable laws and regulations

IT Controls

Program Development and Program Change

Deterrent, Preventive, Detective, Corrective Controls

Recovery, Compensating, Monitoring and Disclosure Controls

Layers of overlapping controls

COSO Enterprise Risk Management (ERM) Framework

Is COSO ERM necessary for compliance?

COSO and COSO ERM

Internal Environment

Objective Setting

Event Identification

Risk Assessment

Risk Response

Control Activities

Information and Communication

Monitoring

The two cubes

Objectives: Strategic, Operations, Reporting, Compliance

ERM – Application Techniques

Core team preparedness

Implementation plan

Likelihood

Impact

COBIT - the framework that focuses on IT

Is COBIT needed for compliance?

COSO or COBIT?

Corporate governance or financial reporting?

Executive Summary

Management Guidelines

The Framework

The 34 high-level control objectives

What to do with the 318 specific control objectives

COBIT Cube

Maturity Models

Critical Success Factors (CSFs)

Key Goal Indicators (KGIs)

Key Performance Indicators (KPIs)

How to use COBIT for compliance

Part C: The Sarbanes-Oxley Standards

The Sarbanes Oxley Act

The Need

US Federal Legislation: Financial reporting or corporate governance?

The Sarbanes-Oxley Act of 2002: Key Sections

SEC, EDGAR, PCAOB, SAG

The Act and its interpretation by the SEC and the PCAOB

PCAOB Auditing Standards: What we need to know

Management's Testing

Management's Documentation

Reports used to Validate SOX Compliant IT Infrastructure

Documentation Issues Sections

302, 404, 906: The three certifications

Sections 302, 404, 906: Examples and case studies

Management's Responsibilities

Committees and Teams

Project Team – Section 404

Disclosure Committee

Audit Committee

Report to the Board of Directors

Control Deficiency

Deficiency in Design

Deficiency in Operation

Significant Deficiency

Material Weakness

Is it a Deficiency, or a Material Weakness?

Reporting Weaknesses and Deficiencies

Examples

Case Studies

Public Disclosure Requirements

Real-Time Disclosures on a rapid and current basis?

Whistleblower protection

Rulemaking process

Companies Affected

International companies

Foreign Private Issuers (FPIs)

American Depository Receipts (ADRs)

Employees Affected

Effective Dates

Part D: The Basel II and Basel III Standards

The Basel Capital Accords

Realigning the regulation with the economic realities of the global banking markets

New capital adequacy framework replaces the 1988 Accord

Improving risk and asset management to avoid financial disasters

"Sufficient assets" to offset risks

The technical challenges for both banks and supervisors

How much capital is necessary to serve as a sufficient buffer?

The three-pillar regulatory structure

Purposes of Basel

Pillar 1: Minimum capital requirements

Credit Risk – 3 approaches

The standardized approach to credit risk

Claims on sovereigns

Claims on banks

Claims on corporates

The internal ratings-based (IRB) approaches to credit risk

Some definitions:

PD - The probability of default,

LGD - The loss given default,

EAD - Exposure at default,

M – Maturity

5 classes of assets

Pillar 2: Supervisory review

Key principles

Aspects and issues of the supervisory review process

Pillar 3: Market discipline

Disclosure requirements

Qualitative and Quantitative disclosures

Guiding principles

Employees Affected

Effective Dates

Operational Risk

What is operational risk

Legal risk

Information Technology operational risk

Operational, operations and operating risk

The evolving importance of operational risk

Quantification of operational risk

Loss categories and business lines

Operational risk measurement methodologies

Identification of operational risk

Operational Risk Approaches

Basic Indicator Approach (BIA)

Standardized Approach (SA)

Alternative Standardized Approach (ASA)

Advanced Measurement Approaches (AMA)

Internal Measurement Approach (IMA)

Loss Distribution (LD)

Standard Normal Distribution

“Fat Tails” in the normal distribution

Expected loss (EL), Unexpected Loss (UL)

Value-at-Risk (VaR)

Calculating Value-at-Risk

Stress Testing

Stress testing and Basel AMA

Advantages / Disadvantages

Operational Risk Measurement Issues

The game theory

The prisoner’s dilemma – and the connection with operational risk management

Operational risk management

Operational Risk Management Office

Key functions of Operational Risk Management Office

Key functions of Operational Risk Managers

Key functions of Department Heads

Internal and external audit

Operational risk sound practices

Operational risk mitigation

Insurance to mitigate operational risk

Basel II and other regulations

Capital Requirements Directive (CRD)

Aligning Basel II operational risk and Sarbanes-Oxley 404 projects

Common elements and differences of compliance projects

New standards

Disclosure issues

Multinational companies and compliance challenges

What is Basel III?

The Basel III papers

Was Basel II responsible for the market crisis?

Introduction to the Basel III Amendments

The Financial Stability Board (FSB), the G20 and the Basel III framework

The New Basel III Principles for risk management and corporate governance

The key areas where the Basel Committee believes the greatest focus is necessary

Board practices

Senior management

Risk management and internal controls

Compensation

Complex or opaque corporate structures

Disclosure and transparency

Sound Practices for the Management and Supervision of Operational Risk

The 9 principles

Part E: Designing and Implementing a Risk and Compliance Program

Designing and Implementing an enterprise-wide Risk and Compliance Program

Designing an Internal Compliance System

Compliance programs that withstand scrutiny

How to optimize organizational structure for compliance

Documentation

Testing

Training

Ongoing compliance with laws and regulations

Compliance Monitoring

The company and other stakeholders

Managing the regulators and change in regulations

International and national regulatory requirements

Regulatory compliance in Europe

Regulatory compliance in the USA

Other countries

Common elements and differences of compliance projects

New standards

Disclosure issues

Multinational companies and compliance challenges

The instructor will conclude the class with sample questions that give the candidates a good understanding of what is needed for the exam.